combine POW and captcha into one

2025-05-09 02:05:37 +00:00 · 2021-11-24 05:17:06 +11:00
parent 5c7e796440
commit 9f26e53798
10 changed files with 3088 additions and 29 deletions
--- a/src/scripts/hcaptcha.lua
+++ b/src/scripts/hcaptcha.lua
@ -5,10 +5,12 @@ local http = require("http")
 local utils = require("utils")
 local cookie = require("cookie")
 local json = require("json")
+local sha = require("sha")

 local captcha_secret = os.getenv("HCAPTCHA_SECRET")
 local captcha_sitekey = os.getenv("HCAPTCHA_SITEKEY")
-local cookie_secret = os.getenv("COOKIE_SECRET")
+local hcaptcha_cookie_secret = os.getenv("CAPTCHA_COOKIE_SECRET")
+local pow_cookie_secret = os.getenv("POW_COOKIE_SECRET")

 local captcha_provider_domain = "hcaptcha.com"

@ -21,6 +23,7 @@ local body_template = [[
 		<style>
 			:root{--text-color:#c5c8c6;--bg-color:#1d1f21}
 		    @media (prefers-color-scheme:light){:root{--text-color:#333;--bg-color:#EEE}}
+		    .h-captcha{min-height:85px;display:block}
 			a,a:visited{color:var(--text-color)}
 			body,html{height:100vh}
 			body{display:flex;flex-direction:column;background-color:var(--bg-color);color:var(--text-color);font-family:Helvetica,Arial,sans-serif;text-align:center;margin:0}
@ -28,7 +31,7 @@ local body_template = [[
 			footer{font-size:small;margin-top:auto;margin-bottom:50px}h3{padding-top:30vh}
 		</style>
 	</head>
-	<body>
+	<body data-pow="%s">
 		<h3>Captcha completion required</h3>
 		<p>We have detected unusual activity on the requested resource.</p>
 		<p>Please solve this captcha to prove you are not a robot.</p>
@ -41,9 +44,10 @@ local body_template = [[
 		<form method="POST">
 			<div class="h-captcha" data-sitekey="%s"></div>
 			<script src="https://hcaptcha.com/1/api.js" async defer></script>
-			<input type="submit" value="Submit">
+			<input type="submit" value="Calculating proof of work..." disabled>
 		</form>
 		<footer>Supported by <a href="https://kikeflare.com">KikeFlare</a></footer>
+		<script src="/sha1.js"></script>
 	</body>
 </html>
 ]]
@ -52,7 +56,8 @@ function _M.view(applet)
    local response_body
    local response_status_code
    if applet.method == "GET" then
-        response_body = string.format(body_template, captcha_sitekey)
+    	generated_work = utils.generate_secret(applet, pow_cookie_secret, true, "")
+        response_body = string.format(body_template, generated_work, captcha_sitekey)
        response_status_code = 403
 	    applet:set_status(response_status_code)
 	    applet:add_header("content-type", "text/html")
@ -75,7 +80,7 @@ function _M.view(applet)
                api_response = {}
            end
            if api_response.success == true then
-                local floating_hash = utils.generate_secret(applet, cookie_secret, true)
+                local floating_hash = utils.generate_secret(applet, hcaptcha_cookie_secret, true, nil)
                applet:add_header(
                    "set-cookie",
                    string.format("z_ddos_captcha=%s; expires=Thu, 31-Dec-37 23:55:55 GMT; Path=/", floating_hash)
@ -97,13 +102,24 @@ end

 function _M.check_captcha_status(txn)
    local parsed_request_cookies = cookie.get_cookie_table(txn.sf:hdr("Cookie"))
-    local expected_cookie = utils.generate_secret(txn, cookie_secret)
-    --core.Debug("RECEIVED SECRET COOKIE: " .. parsed_request_cookies["z_ddos_captcha"])
-    --core.Debug("EXPECTED SECRET COOKIE: " .. expected_cookie)
+    local expected_cookie = utils.generate_secret(txn, hcaptcha_cookie_secret, false, nil)
    if parsed_request_cookies["z_ddos_captcha"] == expected_cookie then
-        core.Debug("CAPTCHA STATUS CHECK SUCCESS")
+        --core.Debug("CAPTCHA STATUS CHECK SUCCESS")
        return txn:set_var("txn.captcha_passed", true)
    end
 end

+function _M.check_pow_status(txn)
+    local parsed_request_cookies = cookie.get_cookie_table(txn.sf:hdr("Cookie"))
+    if parsed_request_cookies["z_ddos_pow"] then
+	    local generated_work = utils.generate_secret(txn, pow_cookie_secret, false, "")
+	    local iterations = parsed_request_cookies["z_ddos_pow"]
+	    local completed_work = sha.sha1(generated_work .. iterations)
+		local challenge_offset = tonumber(generated_work:sub(1,1),16) * 2
+	    if completed_work:sub(challenge_offset+1, challenge_offset+4) == 'b00b' then -- i dont know lua properly :^)
+	        return txn:set_var("txn.pow_passed", true)
+	    end
+	end
+end
+
 return _M
--- a/src/scripts/register.lua
+++ b/src/scripts/register.lua
@ -3,4 +3,5 @@ package.path = package.path  .. "./?.lua;/usr/local/etc/haproxy/scripts/?.lua;/u
 local hcaptcha = require("hcaptcha")

 core.register_service("hcaptcha-view", "http", hcaptcha.view)
-core.register_action("hcaptcha-redirect", { 'http-req', }, hcaptcha.check_captcha_status)
+core.register_action("hcaptcha-check", { 'http-req', }, hcaptcha.check_captcha_status)
+core.register_action("pow-check", { 'http-req', }, hcaptcha.check_pow_status)